
The Events Calendar — Vulnerabilities & Security Advisories (23)

All 23 CVE vulnerabilities found in The Events Calendar, with AI-generated Chinese analysis, references, and POCs.

Vendor: Unknown

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-3585 | The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import | CWE-22 | 7.5 | High | 2026-03-10 |
| CVE-2026-2694 | The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API | CWE-285 | 5.4 | Medium | 2026-02-25 |
| CVE-2025-15043 | The Events Calendar <= 6.15.13 - Missing Authorization to Authenticated (Subscriber+) Data Migration Control | CWE-862 | 5.4 | Medium | 2026-01-20 |
| CVE-2025-69352 | WordPress The Events Calendar plugin <= 6.15.12.2 - Broken Access Control vulnerability | CWE-862 | 5.4 | Medium | 2026-01-06 |
| CVE-2025-12192 | The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure | CWE-697 | 5.3 | Medium | 2025-11-05 |
| CVE-2025-12197 | The Events Calendar 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s | CWE-89 | 7.5 | High | 2025-11-05 |
| CVE-2025-12175 | The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure | CWE-862 | 4.3 | Medium | 2025-10-31 |
| CVE-2025-9808 | The Events Calendar <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure | CWE-200 | 5.3 | Medium | 2025-09-16 |
| CVE-2025-9807 | The Events Calendar <= 6.15.1 - Unauthenticated SQL Injection | CWE-89 | 7.5 | High | 2025-09-12 |
| CVE-2025-5144 | The Events Calendar <= 6.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2025-06-11 |
| CVE-2025-48246 | WordPress The Events Calendar plugin <= 6.11.2.1 - Broken Access Control Vulnerability | CWE-862 | 5.4 | Medium | 2025-05-19 |
| CVE-2024-8493 | The Events Calendar < 6.6.4 - Admin+ Stored XSS | | 4.8 (AI) | Medium (AI) | 2025-05-15 |
| CVE-2025-24537 | WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability | CWE-352 | 5.4 | Medium | 2025-01-27 |
| CVE-2024-12118 | The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2025-01-23 |
| CVE-2024-37518 | WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-5333 | The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure | | 5.3 | - | 2024-12-16 |
| CVE-2023-35777 | WordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerability | CWE-862 | 5.3 | Medium | 2024-12-13 |
| CVE-2024-6931 | The Events Calendar <= 6.6.3 - Unauthenticated Stored Cross-Site Scripting | CWE-79 | 7.2 | High | 2024-09-27 |
| CVE-2024-8275 | The Events Calendar <= 6.6.4 - Unauthenticated SQL Injection | CWE-89 | 9.8 | Critical | 2024-09-25 |
| CVE-2024-4180 | The Events Calendar < 6.4.0.1 - Reflected XSS | | 6.1 (AI) | Medium (AI) | 2024-06-04 |
| CVE-2024-31433 | WordPress The Events Calendar plugin <= 6.3.0 - Cross Site Request Forgery (CSRF) vulnerability | CWE-352 | 4.3 | Medium | 2024-04-15 |
| CVE-2023-6557 | The Events Calendar <= 6.2.8.2 - Unauthenticated Sensitive Information Exposure | CWE-862 | 5.3 | Medium | 2024-02-05 |
| CVE-2023-6203 | The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read | | 7.5 (AI) | High (AI) | 2023-12-18 |

All 23 known CVE vulnerabilities affecting The Events Calendar with full Chinese analysis, references, and POCs where available.